Posted by Suzanne Spaulding, Acting Under Secretary for the National Protection and Programs Directorate
As technology evolves, the majority of our nation’s critical infrastructure will continue to rely heavily on cyber-dependent systems to make operations more efficient and bring essential services to their customers. These systems operate everything from power plants to pipelines and hospitals to highways, which we often take for granted until they stop working.
Today, the Department of Homeland Security announced the creation of the Critical Infrastructure Cyber Community C³ [pronounced C-Cubed] Voluntary Program. This program is an innovative public-private partnership designed to help align critical infrastructure owners and operators with existing resources that will assist their efforts to adopt the Cybersecurity Framework and manage their cyber risks.
Last year, President Obama signed Executive Order (EO) 13636: Improving Critical Infrastructure Cybersecurity, which has changed the way we approach critical infrastructure cybersecurity, and released Presidential Policy Directive (PPD)-21, which aims to increase the overall resilience of our Nation’s critical infrastructure. Together, the EO and PPD drive action toward a whole of community approach to risk management, security and resilience.
The Cybersecurity Framework—developed by the National Institute of Standards and Technology (NIST), in collaboration with industry—consists of standards, guidelines, and best practices to promote the protection of critical infrastructure through cyber risk management. In support of these goals, the program seeks to be flexible, allowing organizations to participate in the C³ Voluntary Program in different ways.
The C³ Voluntary Program emphasizes three C’s:
- Converging critical infrastructure community resources to support cybersecurity risk management and resilience through use of the Framework;
- Connecting critical infrastructure stakeholders to the national resilience effort through cybersecurity resilience advocacy, engagement and awareness; and
- Coordinating critical infrastructure cross sector efforts to maximize national cybersecurity resilience.
The primary goals of the C³ Voluntary Program are to support industry in increasing cyber resilience, to increase awareness and use of the Cybersecurity Framework, and encourage organizations to manage cybersecurity as part of an all hazards approach to enterprise risk management.
Both the private sector and government have a role to play in strengthening our nation’s critical infrastructure security and resilience, including cybersecurity, and it is imperative that we as a country take coordinated actions to achieve this goal. We encourage companies and organizations to join the C³ Voluntary Program and take advantage of technical assistance and tools and resources available to ensure a more resilient critical infrastructure for a more resilient Nation.
Learn more about the C³ Voluntary Program by visiting: www.dhs.gov/ccubedvp.